BROADCASTS.com

b"

hello everyone my name is vijay kumar Devireddy and i am glad to have you back on my episode 45 today we are discussing about The next type of exploit that were going to cover is called a buffer overflow.A buffer overflow occurs when a process in a program stores data outside the memory range allocated by the developer.Now, this begs the question, what exactly is a buffer?Well, a buffer is simply a temporary storage area that a program uses to store its data. Let's pretend that you have a glass sitting on a table.It can hold a certain amount of water, right?If it's designed to hold 16 ounces of liquid,but you pour 20 ounces in, well, the cup is going to overflow with water and the table is going to get wet.In this example, the glass is our buffer,and when we overflow it with our data, in our case water,the extra is going to spill out onto the table and make a huge mess.Buffer overflows in the IT world can also create a big mess for us.In fact, 85% of the data breaches were caused by a buffer overflow attack being used as the initial attack vector.So, let's take closer look at how a buffer overflow attack really works.Let's pretend you wanted to store my phone number into your contacts list.Here in the United States, our phone numbers consistof 10 digits.The first three digits are for our area code,which represents the city we live in.And the last seven digits represent the person's unique phone number.Before we had cell phones,you would simply pick up the phone and dial seven digits of your phone number because the telephone company assumed you wanted to place a local call within your own city or area code.So, let's pretend that the person who designed the contact list application on your phone decided they wanted to save some memory space and they wanted to use the smallest buffer possible,so they decided to use an eight-digit buffer because they are going to assume that you don't need to store an area code because you're going to make local calls.So, let's store my made-up phone number, 555-1234,into an eight-digit buffer called A.When I do this, you'll see that it takes up the first seven boxes labeled zero through six,because computers always start counting with zero,like you learned back in binary classes at happens, though, if we try to enter a number that's too long?Well, Buffer A isn't the only memory buffer that your contact list application can use.Right after Buffer A is Buffer B and then Buffer C and so on.So, let's consider how we store a longer phone number.For example, let's say you're out on vacation and you meet somebody but they don't live in your city.Well in this case, you need to store the area code and the phone number, like 410-555-1234.Since this now includes the area code for Annapolis, Maryland, we now have ten digits we need to store, but each buffer is only eight digits long because our programmer didn't quite think though all of the different types of phone numbers that one might need to store in their list.So, our contact list  application tries to storethis ten-digit number in an eight-digit buffer.But the last two digits overflow Buffer A and go into Buffer B.This is exactly what happens with a buffer overflow.Now, why is this a bad thing? Well, to explain that, we have to get a little bit technical, so bear with me. Each program reserves a chunk of system memory when it's run.This allows it to have a place to store data that it needs during processing.